High severity8.6NVD Advisory· Published Sep 11, 2018· Updated Jun 17, 2026
CVE-2018-2463
CVE-2018-2463
Description
The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC.
Affected products
2- Range: 6.*
- Range: = 6.*
Patches
Vulnerability mechanics
References
3- www.securityfocus.com/bid/105339nvdThird Party AdvisoryVDB Entry
- launchpad.support.sap.comnvdPermissions RequiredVendor Advisory
- wiki.scn.sap.com/wiki/pages/viewpage.actionnvdVendor Advisory
News mentions
0No linked articles in our index yet.